# NixOS module: a WireGuard hub (AmneziaWG variant) on wg0 that masquerades
# peer traffic out through the host's physical uplink. Peers dial in; each is
# pinned to a single /32 inside 192.168.10.0/24.
{ pkgs, ... }:
let
# Directory holding the server private key and the per-peer PSK files.
# NOTE(review): these paths are read at activation time, outside the Nix
# store, which is the right place for secrets; keep the files root-owned and
# mode 0400. Do not turn them into store path literals (./server.key) — that
# would copy the secret into the world-readable /nix/store.
confRoot = "/etc/wireguard/";
# Absolute path to the iptables binary used by postSetup/postShutdown.
iptables = "${pkgs.iptables}/bin/iptables";
# Name of the uplink NIC. NOTE(review): confirm this matches the real device
# name on the host — predictable interface naming often yields enp*/ens*
# rather than eth0, and a wrong name silently breaks NAT.
physicalInterface = "eth0";
in
{
# Masquerade traffic arriving on wg0 out through the uplink (the NixOS nat
# module also enables IPv4 forwarding for this).
networking.nat = {
enable = true;
externalInterface = physicalInterface;
internalInterfaces = [ "wg0" ];
};
# Open the WireGuard UDP listener in the host firewall; keep in sync with
# listenPort below.
networking.firewall.allowedUDPPorts = [ 51902 ];
networking.wireguard.interfaces.wg0 = {
listenPort = 51902;
# Hub address; the /24 is the whole VPN subnet.
ips = [ "192.168.10.1/24" ];
# Obfuscated AmneziaWG handshake (presumably clients need an AmneziaWG build
# rather than stock WireGuard — confirm with the peers).
type = "amneziawg";
privateKeyFile = confRoot + "server.key";
# NOTE(review): networking.nat with internalInterfaces = [ "wg0" ] should
# already install an equivalent MASQUERADE rule, so this pair is likely
# redundant (a duplicate rule is harmless but confusing). Verify with
# `iptables -t nat -S` and drop it if so. If the host ever switches to the
# nftables backend, a raw iptables call here is managed by a different
# backend than the rest of the NAT configuration.
postSetup = ''
${iptables} -t nat -A POSTROUTING -s 192.168.10.0/24 -o ${physicalInterface} -j MASQUERADE
'';
postShutdown = ''
${iptables} -t nat -D POSTROUTING -s 192.168.10.0/24 -o ${physicalInterface} -j MASQUERADE
'';
# Cryptokey routing: every peer is restricted to exactly one /32, so a
# compromised peer key cannot claim another peer's address or the whole
# subnet. Keep that invariant when adding peers.
peers = [
# Me, morj
{
publicKey = "nIk+5fuOrswxurGHrH5k2x1QHL8+t+NVZ2rKKSwG4xE=";
allowedIPs = [ "192.168.10.11/32" ];
presharedKeyFile = confRoot + "nik.psk";
}
# Petya
{
publicKey = "PeT+bvBzCp9bQAr4I7q3MlOo4dBfD/GzdY0g3ZbZu3s=";
allowedIPs = [ "192.168.10.12/32" ];
presharedKeyFile = confRoot + "pet.psk";
}
# Removed range (.13–.15): Vlad, two of father's
# Mother
{
publicKey = "Sve+SCGR8EXzMHQHdkJS1feP/TubYwEWbzHKL7wum0g=";
allowedIPs = [ "192.168.10.16/32" ];
presharedKeyFile = confRoot + "sve.psk";
}
# Removed range (.17–.18): Barsukov
# Barsukov
{
publicKey = "bP1+AekIg01BUFRZe/H3JFjI+AtRCR1F7w/1xtFJYD4=";
allowedIPs = [ "192.168.10.19/32" ];
presharedKeyFile = confRoot + "bp1.psk";
}
# Barsukov
{
publicKey = "Bp3+ZZVvxIilduxrMayH/dCg53aSMnmMMCy92M4/zV0=";
allowedIPs = [ "192.168.10.20/32" ];
presharedKeyFile = confRoot + "bp3.psk";
}
# Barsukov
{
publicKey = "bP4+rpqtOzOiRp/PYqi2dCapzngcdytrSj/Iyqy8J3I=";
allowedIPs = [ "192.168.10.21/32" ];
presharedKeyFile = confRoot + "bp4.psk";
}
# Arkashet
# NOTE(review): this peer, Dima and Zheka below have no presharedKeyFile,
# unlike every other peer. The PSK mixes a symmetric secret into the
# handshake on top of the public-key exchange; consider generating one
# per peer (`wg genpsk`) and configuring it on both sides so all peers get
# the same protection.
{
publicKey = "aRKZbVaTKViTH658XztWj5gDT3FpAN20/O6HV05V0VU=";
allowedIPs = [ "192.168.10.22/32" ];
}
# Dima (no PSK — see note on Arkashet)
{
publicKey = "DImLZEDSmjsdnV7/vSR/bqFwgnjPuy7glEFLj1piLlk=";
allowedIPs = [ "192.168.10.23/32" ];
}
# Zheka (no PSK — see note on Arkashet)
{
publicKey = "jEKl9NnFO2bD0PoXCYkecy+gsORfsQ/jeLQbcG21/Ac=";
allowedIPs = [ "192.168.10.24/32" ];
}
# Server
{
publicKey = "DsrT+zjVlWaruorIDUXEOLeJ1w4Df6MZVByfEKNM4iQ=";
allowedIPs = [ "192.168.10.25/32" ];
presharedKeyFile = confRoot + "dsrt.psk";
}
];
};
}